- Public key cryptography
S-Mail® has been developed on the principles of public key cryptography, which uses a pair of
asymmetric keys (public and private) for encryption/decryption.
The public key is freely distributed to all interested parties, and can only be used to encrypt data.
The private key is available to a mailbox owner only, and it is used to decrypt messages.
If anyone from the user's correspondents wants to write a secure letter to that user, he will
encrypt the letter using the user's public key. When the email is received, the user decrypts it using the private key.
No one can decrypt the message without the private key. It is not possible to ascertain the private key from the public key.
- Public and private key generation process
Upon registration, the S-Mail system generates private and public keys for the user.
The public key is stored on the S-Mail public key server and can be accessed without a password. The private key
is immediately encrypted with the use of a user-selected password. The private key is then stored
on a secure private key server. To access and decrypt the private key, a user's password is required.
Therefore, it is only possible to get the private key if the original password is known.
To secure your correspondence, the S-Mail system does not store any passwords.
- Sending an encrypted message
If a message is sent within S-Mail, the system analyzes the "To:" field (which contains the address of the recipient),
and retrieves the recipient's public key from the public key server. Having retrieved that public key, the client's
application, which is activated on the sender's PC, generates the session key, known as the "K" key.
The message is then encrypted using the "K" key as an encryption key. Then, the "K" key itself is encrypted with the use
of the sender's public key and is attached to the body of the encrypted message. When all operations are completed,
the encrypted message is sent to the recipient's mailbox.
- The decryption process
To read the message, the recipient needs to sign in, using his/her user name and password. The private key
server retrieves the recipient's private key which is then decrypted on the user's PC using the password.
When the recipient wants to read the message, the system decrypts it by extracting the "K" key
from the body of the message and decrypting it using the recipient's private key.
The decrypted "K" key decrypts the body of the message which can then be read.
- E-mails delivered to non S-Mail users
If an S-Mail user sends a message to a non S-Mail user, the system analyses the "To" field, and retrieves
the public key from the public keys server. The message is encrypted in the usual way, but before leaving S-Mail
it gets decrypted through use of the system private key. The message is sent unencrypted.
- E-mails coming from non S-Mail users
If the sender of an email message is not an S-Mail user, the server requests the recipient's public key.
When the public key is accessed, the system generates the random session "K" key. After that the message is encrypted by
the "K" key, the "K" key is encrypted by the public key of the recipient, and then added to the body of the letter.
Finally, the whole encrypted message is transmitted to the recipient's box.
Algorithms and protocols used at S-Mail
to protect your communication are shown here